GHSA-JXPF-XQ2M-Q525 OpenMcdf has an Infinite loop DoS via crafted CFB directory cycle

Summary OpenMcdf does not detect cycles in the directory entry red-black tree of a Compound File Binary CFB document. A crafted CFB file with a cycle in the LeftSiblingID / RightSiblingID chain causes Storage.EnumerateEntries and Storage.OpenStream to loop indefinitely, consuming the calling thre...

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the ClientImpl::openstream function when processing the Content-Length response header in the streaming API. An attacker can cause the client process to crash by sending a malformed or excessively large...

Linux Distros Unpatched Vulnerability : CVE-2019-10648

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Robocode through 1.9.3.5 allows remote attackers to cause external service interaction DNS, as demonstrated by a query for a unique subdomain name within an...

OESA-2022-1509 transfig security update

The transfig utility creates a makefile which translates FIG created by xfig or PIC figures into a specified LaTeX graphics language for example, PostScriptTM. Transfig is used to create TeX documents which are portable i.e., they can be printed in a wide variety of environments. Security Fixes: ...

Xfig 缓冲区错误漏洞

Xfig is a charting tool. A utility program for converting XFig graphic files. A security vulnerability exists in Xfig that stems from a segmentation error in the openstream function in readpics.c...

PT-2019-11963

Name of the Vulnerable Software and Affected Versions Robocode versions prior to 1.9.3.6 Description The issue allows remote attackers to cause external service interaction, specifically DNS queries, by leveraging a .openStream call within java.net.URL. This can be demonstrated by a query for a...

CVE-2018-19194

An issue was discovered in XiaoCms 20141229. /admin/index.php?c=database allows full path disclosure in a "failed to open stream" error message...

PHP file include vulnerability details(including the truncated method)-vulnerability warning-the black bar safety net

One, what is”remote file inclusion vulnerability”for? The answer is: the server through the php properties of a function to contain any files, since you want to include this file source filter is not strict, so can go to that contains a malicious file and we can construct the malicious file to...

Plogger exploit method! - Vulnerability warning-the black bar safety net

http://www.hackeroo.com/Plogger 是 一 款 基于 PHP 的 网络日记 程序 the. Plogger does not filter the user submits the URI of the data, exploit vulnerabilities in the WEB permissions to execute arbitrary commands. Vulnerability in'plog-admin-functions.php'script for user-submitted'configbasedir'parameter is no...